Lucene search

[email protected]CVE-2007-5178

HistoryOct 03, 2007 - 2:17 p.m.

CVE-2007-5178

2007-10-0314:17:00

CWE-94

[email protected]

web.nvd.nist.gov

111

cve-2007-5178

mx_glance

remote file inclusion

security vulnerability

php code execution

8.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.219 Low

EPSS

Percentile

96.4%

JSON

contrib/mx_glance_sdesc.php in the mx_glance 2.3.3 module for mxBB places a critical security check within a comment because of a missing comment delimiter, which allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via a URL in the mx_root_path parameter. NOTE: some sources incorrectly state that phpbb_root_path is the affected parameter.

CPENameOperatorVersion
mxbb:mx_glancemxbb mx glanceeq2.3.3

CPE	Name	Operator	Version
mxbb:mx_glance	mxbb mx glance	eq	2.3.3

References

osvdb.org/37400

secunia.com/advisories/27011

www.attrition.org/pipermail/vim/2007-October/001807.html

www.attrition.org/pipermail/vim/2007-October/001808.html

www.securityfocus.com/bid/25866

www.vupen.com/english/advisories/2007/3326

exchange.xforce.ibmcloud.com/vulnerabilities/36867

www.exploit-db.com/exploits/4470

8.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.219 Low

EPSS

Percentile

96.4%

JSON

Related for CVE-2007-5178

prion1